Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:54, on 04.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\windows\system32\HPZipm12.exe
C:\windows\System32\svchost.exe
C:\windows\System32\TUProgSt.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\dokumente und einstellungen\besitzer\wuaucldt.exe
C:\DOKUME~1\Besitzer\LOKALE~1\Temp\win32.exe

C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\windows\system32\ctfmon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\windows\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\windows\Qboqof.exe
D:\Eigene Musik\##neue downloads##\####programme####\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.googel.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askR...65&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askR...gct=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programme\AskSearch\bin\DefaultSearch.dll
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe syce.xto nqxwp
O1 - Hosts: 312.041.121.19 thepiratebay.org
O1 - Hosts: 312.041.121.19 www.thepiratebay.org
O1 - Hosts: 312.041.121.19 thepiratebay.org
O1 - Hosts: 312.041.121.19 www.thepiratebay.org
O1 - Hosts: 312.041.121.19 thepiratebay.org
O1 - Hosts: 312.041.121.19 www.thepiratebay.org
O1 - Hosts: 312.041.121.19 thepiratebay.org
O1 - Hosts: 312.041.121.19 www.thepiratebay.org
O1 - Hosts: 312.041.121.19 thepiratebay.org
O1 - Hosts: 312.041.121.19 www.thepiratebay.org
O1 - Hosts: 312.041.121.19 thepiratebay.org
O1 - Hosts: 312.041.121.19 www.thepiratebay.org
O1 - Hosts: 312.041.121.19 thepiratebay.org
O1 - Hosts: 312.041.121.19 www.thepiratebay.org
O1 - Hosts: 312.041.121.19 thepiratebay.org
O1 - Hosts: 312.041.121.19 www.thepiratebay.org
O1 - Hosts: 312.041.121.19 thepiratebay.org
O1 - Hosts: 312.041.121.19 www.thepiratebay.org
O1 - Hosts: 312.041.121.19 thepiratebay.org
O1 - Hosts: 312.041.121.19 www.thepiratebay.org
O1 - Hosts: 312.041.121.19 thepiratebay.org
O1 - Hosts: 312.041.121.19 www.thepiratebay.org
O1 - Hosts: 312.041.121.19 thepiratebay.org
O1 - Hosts: 312.041.121.19 www.thepiratebay.org
O2 - BHO: C:\windows\system32\dp0hc8y4.dll - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\windows\system32\dp0hc8y4.dll
O4 - HKLM\..\Run: [syncman] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Regedit32] C:\windows\system32\regedit.exe
O4 - HKCU\..\Run: [syncman] c:\dokumente und einstellungen\besitzer\wuaucldt.exe

O4 - HKCU\..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\DOKUME~1\Besitzer\LOKALE~1\Temp\win32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Eigene Musik\##neue downloads##\####programme####\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Eigene Musik\##neue downloads##\####programme####\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Programme\Xmarks\IE Extension\xmarkssync.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Xmarks for IE... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Programme\Xmarks\IE Extension\xmarkssync.exe (file missing) (HKCU)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Programme\Monopoly\Images\stg_drm.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Programme\Monopoly\Images\armhelper.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E504FC12-D869-41D8-9434-E208CCFEF481}: NameServer = 213.191.74.18 62.109.123.6

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O21 - SSODL: GootkitSSO - {3EB1368C-D84B-4283-82BC-1227A93857B8} - (no file)
O22 - SharedTaskScheduler: hasiufhiusdfjdhfudd - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\windows\system32\dp0hc8y4.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\windows\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\windows\System32\TUProgSt.exe
--
End of file - 7770 bytes


I would fix the marked entries / kill them in Task Manager and delete them.
(Not all of the marked entries are malicious, but I would remove them for performance reasons alone.)